b"                                              NUREG/BR-0304\n\n                                      Volume 1, Number 2\n                                        November 2003                          Good, Bad, and \xe2\x80\x9cFare\xe2\x80\x9d Travel\n                                                                               This edition of the OIG Information              tion services obtained at Federal\n                                                                               Digest highlights topics pertaining to           Government expense may retain the\n                                                                               Government travel that can have a                promotional item for personal use if it\n                                                                               positive or negative effect on an NRC            is obtained under the same terms as\n                                                                               employee depending on whether                    those offered to the general public\n                                                                               Government guidelines are followed.              and at no additional cost to the Fed-\n                                                                                                                                eral Government.\n                                                                               NRC travel procedures and guide-\n                                                                               lines have greatly changed over the              This final rule amended the Federal\n                                                                               past 10 years in response to the trav-           Travel Regulation (FTR) by removing\n                                                                               eling needs of the Government em-                provisions requiring that promotional\n                                                      OIG Information Digest\n\n                                                                               ployee. Per diem rates have in-                  benefits, including frequent flyer\n                                                                               creased in an effort to keep pace with           miles earned on official travel, be\nUNITED STATES NUCLEAR REGULATORY COMMISSION\n\n\n\n\n                                                                               the cost of travel. Federal employees            considered Government property\n                                                                               are now entitled to receive certain              only to be used for official travel.\n                                                                               travel benefits that, in the past, were\n                                                                               prohibited.                                      Since frequent traveler benefits may\n                                                                                                                                now be retained for personal use,\n                                                                               Federal Travel Regulation: Using                 you may use\n                                                                               Promotional Materials and                        any frequent\n                                                                               Frequent Traveler Programs                       traveler\n                                                                                                                                benefits you\n                                                                               On December 28, 2001, President                  have earned\n                                                                               Bush signed into law a provision that            to upgrade\n                                                                               Federal employees may retain pro-                your trans-\n                                                                               motional items such as frequent flyer            portation\n                                                                               miles and travel upgrades for per-               class to business or first class ser-\n                                                                               sonal use. The final rule was effec-             vice and for personal air travel. No\n                                                                               tive April 12, 2002. The General Ser-            approval is necessary for this up-\n                                                                               vices Administration (GSA) is issuing            grade because redeeming your own\n                                                                               regulations allowing Federal employ-             frequent flyer miles for an upgrade is\n                                                                               ees to retain and make personal use              equal to using your own personal\n                                                                               of promotional items earned while on             money. NRC Management Directive\n                                                                               official Government travel. A Federal            14.1 will be revised in the near future\n                                                                               traveler who receives a promotional              to reflect all these changes. In the\n                                                                               item such as frequent flyer miles, up-           meantime, Network Announcements\n                                                                               grades to business or first class, or            will be provided to all NRC employ-\n                                                                               access to carrier clubs or facilities as         ees with updates and new rules con-\n                                                                               a result of using travel or transporta-          cerning travel guidelines.\n\n\n                                                                                Inside this issue:                                   Special points of interest:\n                                                                                Good, Bad, and \xe2\x80\x9cFare\xe2\x80\x9d Travel              1-3\n                                                                                                                                     \xe2\x80\xa2 OIG Investigations on Use of Travel Card\n                                                                                OIG Audits                                3-4\n                                                                                                                                     \xe2\x80\xa2 OIG Investigations on the Full Share Pro-\n                                                                                Identify Theft                            4-5          gram\n                                                                                Identity Theft Case Investigated by FTC   5-6        \xe2\x80\xa2 Audit of Personnel Security Program\n                                                                                Computer Security                          6         \xe2\x80\xa2 Audit of Protection of Safeguards Informa-\n                                                                                                                                       tion\n\x0cGood, Bad, and \xe2\x80\x9cFare\xe2\x80\x9d Travel (cont. from page 1)\nOIG Investigations on                These personal purchases were        with the Administrative Services\nPersonal Use of Travel Card          not made in connection with any      Center (ASC) and certify that\n                                     official NRC business and, ac-       Metrocheks received under the\nOIG continues to receive indica-     cording to NRC travel records,       program will be used solely to\ntions of NRC employee misuse         the employee had not traveled        commute to and from work.\nof the Government VISA travel        on official NRC business for 5\ncard which in certain cases          years. This employee was ter-        The ASC also provides order\nleads to an investigation. The       minated from the NRC.                forms to redeem a Metrochek for\nfollowing are summaries of                                                the other fare media discussed\nthose investigations:                             NRC\xe2\x80\x99s Full Share        above. Employees may redeem\n                                                  Program (MD 13.4        Metrocheks for any of these fare\nOne OIG investigation deter-                      Part III)               media at the Montgomery\nmined that 30 personal pur-                                               County Transportation Office.\nchases were made on an                            Management Direc-       Metrochek brochures providing\nNRC employee\xe2\x80\x99s Citibank                           tive 13.4, Part III,    additional information on this\nGovernment VISA travel card                       states that as a re-    program are available in the\ntotaling over $2,500. These pur-     sult of the Federal Employees        ASC. For more detailed infor-\nchases were not made in con-         Clean Air Incentives Act of 1994,    mation about the Full Share Pro-\nnection with any official Govern-    executive departments and inde-      gram, log onto www.wmata.com.\nment travel and included             pendent agencies may partici-\ncharges for personal airline tick-   pate in any program established      Regions II and III have subsidy\nets, entertainment, medical          by a State or local government       programs similar to the head-\ntreatment, gasoline for personal     that encourages employees to         quarters program. Employees\nvehicles, and other miscellane-      use public transportation. In ac-    may participate in these pro-\nous expenses.                        cordance with this authority,                        grams by com-\n                                     NRC provides employee public                         pleting an appli-\nAnother OIG investigation dis-       transportation subsidies subject                     cation form pro-\nclosed that an NRC employee          to budget limitations and the lo-                    vided by their Di-\nsubmitted a fraudulent tempo-        cal transportation environment.                      vision of Re-\nrary quarters                                                                             source Manage-\ncontract to the                      In December 1991, NRC started                        ment and Ad-\nTravel Office to                     the Full Share Program by pro-                       ministration. At\nobtain $1,400 in                     viding eligible employees with a     this time, Region I does not\nreimbursement                        subsidy of up to $21 per month.      have a subsidy program in place\nfrom the Gov-                        That subsidy has now increased       because its offices are not ac-\nernment for compensation that        to a maximum of $100 per             cessible via public transporta-\nwas improperly paid. This em-        month. At headquarters, this         tion. Region IV provides a sub-\nployee also used the NRC Citi-       subsidy is provided in the form      sidy to employees who partici-\nbank VISA card for cash with-        of a Metrochek, a fare voucher       pate in van pools.\ndrawals totaling over $4,000.        that looks and works like a Met-\nThis employee was terminated         rorail farecard. Metrocheks can      Employees who qualify for the\nfrom Federal service.                either be used as a metrorail        Full Share Program are given a\n                                     farecard or redeemed for other       monthly transit benefit with a\nAnother OIG investigation deter-     transit media (e.g., Metrobus,       subsidy not to exceed $100.\nmined that an NRC employee           Ride-On, or MARC rail).              Each employee must fill out an\nmade 58 personal purchases on                                             application stating their home\nthe employee\xe2\x80\x99s NRC Citibank          NRC headquarters employees           address, mode of transportation,\nGovernment VISA travel card          wishing to participate in the Full   and the mileage and cost asso-\nwhich totaled over $10,000.          Share Program must register          ciated with their commute. Each\n\n\nPage 2                                                                              OIG INFORMATION DIGEST\n\x0cGood, Bad, and \xe2\x80\x9cFare\xe2\x80\x9d Travel (cont. from page 2)\napplicant is required to sign the      to and including dismissal from      in the daily commute between\nfollowing certification:               employment and possible prose-       home and work. This NRC em-\n                                       cution for Federal income                          ployee inappropri-\nI hereby acknowledge receipt of        tax evasion.                                       ately received\nthe Metrochek as a monthly                                                                $2,522 in transpor-\ntransportation fringe benefit val-     OIG Investigations Con-                            tation benefits.\nued at $$ (total) per month.           cerning Employee Use of\n                                       the Full Share Program                            A third NRC em-\nThis monthly benefit does not                                                            ployee, who\nexceed my average monthly              OIG conducted a review of                         claimed to reside in\ncommuting cost based on a 20-          the NRC Full Share Program to        Washington, DC when, in fact,\nday month commute by public            identify potential deficiencies in   the employee resided in Rock-\ntransportation or eligible van-        the administration of the pro-       ville, MD inappropriately re-\npool.                                  gram.                                ceived $905 in benefits. This\n                                                                            employee also misused the sub-\nI certify that I will use the fare     As a result of these investiga-      sidy program by using the Full\nmedia purchased under this pro-        tions, OIG found that one NRC        Share Program farecard for per-\ngram exclusively for my regular        employee deliberately misused        sonal travel. NRC recovered the\ndaily direct commute from home         the program subsidy by giving        farecards whose value totaled\nto work and return. I will not         the subsidy totaling $1,075.90 to    $2,522.\ngive, barter, exchange, convey,        a personal friend, and another\nor otherwise transfer this benefit     NRC employee falsely certified\nto any other person. I under-          two applications for the program\nstand and agree that false certi-      when the employee listed a\nfication may result in disciplinary    home address that was not used\naction taken by my employer up\n\nOIG Audits\nOngoing Audits                         building access and for access to    specifically identifies the de-\n                                       sensitive information technol-                     tailed (1) security\nAudit of NRC\xe2\x80\x99s Personnel Se-           ogy systems and data. This                         measures of a licen-\ncurity Program                         audit continues audit work                         see or an applicant\n                                       performed during FY 2003 on                        for the physical pro-\nNRC\xe2\x80\x99s Personnel Security Pro-          this issue. In FY 2003, audi-                      tection of special\ngram makes determinations on           tors focused on the personnel                      nuclear materials or\nthe initial and continuing eligibil-   security process as it pertains                    (2) security meas-\nity of NRC appli-                      to contractor employees. Dur-                      ures for the physical\ncants, consultants,                    ing FY 2004, auditors are focus-     protection and location of cer-\nand employees for                      ing on other program compo-          tain plant equipment vital to the\nfacility access au-                    nents to determine whether the       safety of production or utiliza-\nthorizations, em-                      program is effectively managed       tion facilities. NRC established\nployment clear-                        and achieves its goals.              its Sensitive Unclassified Infor-\nances, and access                                                           mation Security Program to en-\nto restricted data and national        Audit of NRC\xe2\x80\x99s Protection of         sure that sensitive unclassified\nsecurity information. The pro-         Safeguards Information               information is handled appro-\ngram also makes determinations                                              priately and is protected from\non the initial and continuing eligi-   Safeguards information is sensi-     unauthorized disclosure under\nbility of contractor employees for     tive unclassified information that\n\nNUREG/BR - 0 3 0 4                                                                                         Page 3\n\x0cOIG Audits (cont. from page 3)\npertinent laws, management di-        mation, (2) prevents the inappro-\nrectives, and applicable direc-       priate release of safeguards in-\ntives of other Federal agencies       formation to the public and NRC\nand organizations. This audit is      employees who should not have\nassessing whether NRC\xe2\x80\x99s pro-          access, and (3) adequately de-\ngram (1) adequately ensures the       fines what constitutes safe-\nprotection of safeguards infor-       guards information.\n\n\nIdentity Theft\nThe problems associated with          twice the 15,864 complaints re-     most popular auction sites is a\nidentity theft cannot be overem-      ceived in 2001. Ninety percent      column called Seller Information\nphasized. Identity theft is be-       of the complaints during 2002       and a link to feedback reviews\ncoming more and more preva-           pertained to online auctions,       that allow the consumer to read\nlent with the ease and access of      compared to 70 percent in 2001.     responses from other consum-\nusing ATM cards (debit cards) at      The other top complaints per-       ers regarding satisfaction with\nmost stores and credit cards          tained to general merchandise       the product and response from\nover the Internet. Daily radio        sales, Nigerian money offers,       the seller. Be sure to read all\nbroadcasts describe the numer-        computer equipment and soft-        the comments before you place\nous ways in which members of          ware, and Internet access ser-      your bid.\nthe public can be victimized by       vices.\nidentity theft scams. OIG has\npublished two bulletins describ-                                          Look for information about in-\ning measures to help you avoid        Most auc-                           surance and understand the\nfalling victim and steps to take if   tion bid-                           terms. Some auction sites offer\nyou become a victim. Copies of        ders are                            insurance protection, but cover-\nthis bulletin can be accessed by      looking for                         age is limited to set amounts,\ngoing to the NRC Web site and         bargains,                           there is usually a deductible,\nclicking on Inspector General,        hard-to-                            and there may be exclusions; for\nOIG Publications, and Fraud           find items,                         example, you may not be able to\nBulletins/Information Digest.         or things                           make a claim if you purchase\nThe April 2003 bulletin deals pri-    they collect. The average pur-      something from a seller whose\nmarily with identity theft. This      chase is $100 or less, but some     feedback rating was negative at\nbulletin can be downloaded and        people spend much more.             the time of sale.\nprinted.                              Many buyers pay by sending a\n                                      personal check, cashier\xe2\x80\x99s check,\n                                      or money order directly to the      Pay the safest way. If you pay\nOnline Auctions Dominate                                                  the seller directly with a credit\n                                      seller. Below is some advice for\nConsumer Fraud (Article from the                                          card, you can dispute the\nNational Consumer\xe2\x80\x99s League)\n                                      online auction bidders:\n                                                                          charges if the item never arrives\nLast year, the National Con-                                              or was misrepresented. You\nsumer\xe2\x80\x99s League received a re-         Check the seller\xe2\x80\x99s feedback         don\xe2\x80\x99t have that right if you use a\ncord number of complaints             rating if that information is       third-party online payment ser-\nabout online scams, with com-         available on the auction site.      vice, even if you use your credit\nplaints about online auctions ris-    While a positive rating is no       card to put the money into your\ning dramatically. In 2002,            guarantee that you won\xe2\x80\x99t have a     account with the service. How-\n36,802 complaints were filed          problem, a negative rating is a     ever, your credit card issuer may\nabout online scams, more than         danger sign. On one of the          still be willing to help you.\n\n\nPage 4                                                                              OIG INFORMATION DIGEST\n\x0cIdentity Thief Goes \xe2\x80\x9cPhishing\xe2\x80\x9d for Consumers\xe2\x80\x99 Credit\nInformation\nAn identity thief who allegedly      then asked consumers to enter       company\xe2\x80\x99s identity and then use\nused hijacked corporate logos        numbers from a new card to cor-     it to victimize consumers by\nand deceptive spam to con con-       rect the problem. It also asked     stealing their credit identities.\nsumers out of credit card num-       for consumers\xe2\x80\x99 names, mothers\xe2\x80\x99      This is the FTC\xe2\x80\x99s first law en-\nbers and other financial data has    maiden names, billing ad-           forcement action targeting\nagreed to settle Federal Trade       dresses, so-                        phishing. It won\xe2\x80\x99t be the last,\xe2\x80\x9d\nCommission (FTC) charges that        cial security                       he said. The settlement would\nhis scam violated federal laws.      numbers,                            bar the defendant from future\nIf approved by the court, the de-    bank routing                        violations of the FTC Act and the\nfendant, a minor, will be barred     numbers,                            Gramm-Leach-Bliley Act. It also\nfor life from sending spam and       credit limits,                      would bar the defendant from\nwill give up his ill-gotten gains.   personal iden-                      sending spam in the future. In\n                                     tification num-                     addition, the order would require\nThe FTC alleged that the scam,       bers, and AOL screen names          the defendant to give up $3,500\ncalled \xe2\x80\x9cphishing,\xe2\x80\x9d worked like       and passwords - the kind of data    in ill-gotten gains.\nthis: Posing as a representative     that would help the defendant\nof America Online (AOL), the         plunder consumers\xe2\x80\x99 credit and       An FTC Consumer Alert, \xe2\x80\x9cHow\ncon artist sent consumers e-mail     debit card accounts and assume      Not to Get Hooked by a\nmessages claiming that there         their identity online.              \xe2\x80\x98Phishing\xe2\x80\x99 Scam\xe2\x80\x9d warns consum-\nhad been a problem with the bill-                                        ers who receive e-mail that\ning of their AOL account. The e-     According to the FTC, the defen-    claims an account will be shut\nmail warned consumers that if        dant used the information to        down unless they reconfirm their\nthey didn\xe2\x80\x99t update their billing     charge online purchases and         billing information not to reply or\ninformation, they risked losing      open accounts with PayPal. In       click on the link in the e-mail.\ntheir AOL accounts and Internet      addition, he used consumers\xe2\x80\x99        Consumers should contact the\naccess. The mes-                          names and passwords to         company that supposedly sent\nsage directed con-                        log on to AOL in their         the message using a telephone\nsumers to click on                        names and send more            number or Web site address\na hyperlink in the                        spam. Finally, he recruited    they know to be genuine.\nbody of the e-mail                        others to participate in the\nto connect to the                         scheme by convincing them      More tips to avoid phishing\n\xe2\x80\x9cAOL Billing Cen-                         to receive fraudulently ob-    scams can be found at http://\nter.\xe2\x80\x9d When con-                           tained merchandise he had      www.ftc.gov/bcp/conline/\nsumers clicked on the link they      ordered for himself.                edcams/spam/coninfo.htm.\nlanded on a site that contained\nAOL\xe2\x80\x99s logo, AOL\xe2\x80\x99s type style,        The agency charged the defen-       To file a complaint or to get free\nAOL\xe2\x80\x99s colors, and links to real      dant\xe2\x80\x99s practices were deceptive     information on any of 150 con-\nAOL Web pages. It appeared to        and unfair, in violation of the     sumer topics, call toll-free, 1-\nbe AOL\xe2\x80\x99s Billing Center. But it      FTC Act. In addition, the FTC       877-FTC-HELP (1 877-382-\nwasn\xe2\x80\x99t. The defendant had hi-        alleged that the defendant\xe2\x80\x99s        4357), or use the complaint form\njacked AOL\xe2\x80\x99s identity and was        practices violated provisions of    at http://www.ftc.gov. The FTC\ngoing to use it to steal consum-     the Gramm-Leach-Bliley Act de-      enters Internet, telemarketing,\ners\xe2\x80\x99 identities as well, the FTC     signed to protect the privacy of    identity theft, and other fraud-\nalleged.                             consumers\xe2\x80\x99 sensitive financial      related complaints into Con-\n                                     information.                        sumer Sentinel, a secure, online\nThe defendant\xe2\x80\x99s AOL lookalike                                            database available to hundreds\nWeb page directed consumers          \xe2\x80\x9cPhishing is a two-time scam,\xe2\x80\x9d      of civil and criminal law enforce-\nto enter the numbers from the        said Timothy J. Muris, Chair-       ment agencies in the U.S. and\ncredit card they had used to         man. \xe2\x80\x9cPhishers\xe2\x80\x9d first steal a       abroad.\ncharge their AOL account. It\n\nPage 5                                                                             OIG INFORMATION DIGEST\n\x0cIdentity Thief... (cont. from page 5)\nIf you receive unwanted spam              Your complaint will be added           tem and help them stop it in\ne-mail you can report it to the           to the FTC's Consumer Senti-           the future. Complain to the\nFederal Trade Commission.                 nel database and made avail-           sender's ISP. Most ISPs\nSend a copy of any unwanted               able to hundreds of law en-            want to cut off spammers who\nor deceptive messages to                  forcement and consumer pro-            abuse their system.\nuce@ftc.gov. If you want to               tection agencies. Whenever\ncomplain about a removal link             you complain about spam, it's\nthat doesn't work or not being            important to include the full e-\nable to unsubscribe from a                mail header. Send a copy of\nlist, you can fill out the FTC's          the spam to your ISP's abuse\nonline complaint form at                  desk. By doing this, you can\nwww.ftc.gov.                              let the ISP know about the\n                                          spam problem on their sys-\n\nSteps to Computer Security (Article from the National Consumer\xe2\x80\x99s League)\nPick an effective password using             provide consumers with                  hackers who may try to get\nnumbers and characters. Avoid                faster access to the Internet,          financial and other personal\nusing obvious things such as                 are increasingly available              information that is stored on\nyour birth date or your children\xe2\x80\x99s           through telephone compa-                your computer.\nor pets\xe2\x80\x99 names.                              nies, cable companies, and\n                                             by satellite. If you have           \xe2\x97\x8a   If you are not using your\n\xe2\x97\x8a   Build a firewall. A firewall is          broadband service, you\xe2\x80\x99re               computer for extended peri-\n    like the fence around a fort.            always connected to                          ods of time, make sure\n    It makes it hard for intruders           the Internet when                            you turn it off. A hacker\n    to get into your computer                your computer is                             cannot access a com-\n    from cyberspace.                         turned on. When                              puter that is not on.\n                                             you\xe2\x80\x99re connected to\n\xe2\x97\x8a   Take extra security precau-              the Internet through\n    tions when you have broad-               broadband service,\n    band Internet access.                    you are more vulnerable to\n    Broadband services, which\n\n\n\n                                                  Organization\n           We\xe2\x80\x99re on the Web! Click on             UNITED STATES NUCLEAR\n          the NRC Public Web site and            REGULATORY COMMISSION\n         then the link to the Inspector\n          General. Follow that link to                   11545 Rockville Pike\n            the OIG Hotline and then                       Mail Stop T 5D28\n                                                         Rockville, MD 20851\n            click on the On-line form.\n                                                   Hotline Number 800-233-3497\n                                                         Fax: 301-415-5091\n\n\n\n\n                                               Office of the Inspector General\n\n\nNUREG/BR - 0 3 0 4                                                                                            Page 6\n\x0c"